Today, virtually every website you visit is collecting various amounts of your data, with varying levels of security. And chances are good that within the last week or two, you either heard a news story or got a notice of a data breach.
Even in financial services where regulations enforced by FINRA and other agencies are strict, customer data is compromised far too often. Like every other industry, financial services firms store almost every bit of customer information online (i.e., in the cloud). The data gold mines that are wealth and asset management firms, insurance providers, and banks are a tempting target for hackers.
If you’re using Hearsay, your customer data just got safer. We recently underwent a SOC 2 audit by the American Institute of CPAs (AICPA) and were awarded SOC 2 compliance. SOC 2 is one of the most common compliance requirements that technology companies need to meet today. It is specifically designed for service providers storing customer data in the cloud. While considered a technical audit, it goes beyond technology to establish strict information security policies and procedures for managing customer data based on five “trust service principles” – security, availability, processing integrity, confidentiality and privacy. To be compliant, service providers must have clear, well-documented, proven strategies around all five of these topics.
Why does SOC 2 Compliance Matter to Hearsay?
If you’re in IT or have any experience in the world of infrastructure, you may know that SOC 2 compliance isn’t a requirement for SaaS and cloud computing vendors. Even most financial services clients require only that vendors who store their customer data in the cloud either be SOC 2 compliant or “leverage a provider who is compliant”. Many providers do indeed rely on their IaaS or managed hosting provider – e.g., AWS, Google, Microsoft Azure – to meet the SOC 2 compliance requirement.
However, the SaaS and cloud computing companies who are truly serious about data protection know that simply meeting SOC 2 through leveraging AWS’ certification, for example, is no longer sufficient. With Hearsay’s SOC 2 certification, customers can be assured that Hearsay has end-to-end defined security controls across the entire organization, ensuring an extra layer of protection for your customer data.
As data security becomes an ever-increasing concern and attacks become more sophisticated, we believe this is crucial for every SaaS and cloud provider that does business with financial services companies. Handling customer data according to strict guidelines is at the forefront of our operations. It’s more than ticking a box – it’s a reflection of our commitment to building trusted client relationships.
If you’re going through a security review or doing pre-sales due diligence, we can share our own internal SOC 2 report – just ask.